Update docker/trivy/start.sh

2024-01-20 21:39:51 +00:00 · 2024-01-20 21:39:51 +00:00 · f3f59718c4
parent e57389ec37
commit f3f59718c4
1 changed files with 6 additions and 11 deletions
--- a/docker/trivy/start.sh
+++ b/docker/trivy/start.sh
@ -4,19 +4,13 @@ TIMEOUT=${TIMEOUT:-120m}
 IGNORE_UNFIXED=${IGNORE_UNFIXED:-false}
 LOW_PRIORITY=${LOW_PRIORITY:-true}

-# Use SCANNERS_ENV if provided, otherwise default to vuln, config, secret
-if [ -n "$SCANNERS_ENV" ]; then
-    OLD_IFS="$IFS"
-    IFS=',' read -r -a SCANNERS <<EOF
-$SCANNERS_ENV
-EOF
-    IFS="$OLD_IFS"
-else
-    SCANNERS=("vuln" "config" "secret")
-fi
+# Use SCANNERS_ENV if provided, otherwise default to vuln,config,secret
+SCANNERS_ENV=${SCANNERS_ENV:-"vuln,config,secret"}

 run_scan() {
-    for SCANNER in "${SCANNERS[@]}"; do
+    OLD_IFS="$IFS"
+    IFS=','
+    for SCANNER in $SCANNERS_ENV; do
        CURRENT_LOG="/log/trivy_scan_${SCANNER}.log"
        if [ "$LOW_PRIORITY" = "true" ]; then
            nice -n 19 trivy filesystem --skip-update --timeout $TIMEOUT --scanners $SCANNER $( [ "$IGNORE_UNFIXED" = "true" ] && echo '--ignore-unfixed' ) /mnt > $CURRENT_LOG
@ -24,6 +18,7 @@ run_scan() {
            trivy filesystem --skip-update --timeout $TIMEOUT --scanners $SCANNER $( [ "$IGNORE_UNFIXED" = "true" ] && echo '--ignore-unfixed' ) /mnt > $CURRENT_LOG
        fi
    done
+    IFS="$OLD_IFS"
 }

 compare_scans() {